Application No. 10/056,889 
Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. Please amend the claims as follows: 

Listing of Claims: 

1. (Currently Amended) A method for transmitting Internet Key Exchange (IKE) 
data packets across a network comprising the steps of: 

receiving a vendor identification value from a receiving node; 

in response to receiving the vendor identification value, using the vendor identification 
value to determine that the receiving node is IKE fragmentation capable; 

generating and transmitting an IKE packet to the receiving node over a network, the IKE 
packet having an original IKE header; 

determining whether a response to the IKE packet was received within a predetermined 
time interval; 

determining a maximum transmission unit size for the network; 

fragmenting the IKE packet into a plurality of smaller packets when a response is not 
received that do not exceed the maximum transmission unit size, wherein each of the smaller 
packets includes a header formatted according to the IKE protocol; and 

transmitting each of the plurality of smaller packets over a network. 

2. (Previously Presented) The method of claim 1 wherein each of the smaller 
packets includes a header formatted according to the IKE protocol and each of the headers 
formatted according to the IKE protocol includes an identifier that may be used to associate the 
smaller packet with the IKE packet. 

3. (Currently Amended) A network node that communicates with other network 
nodes according to the Internet Key Exchange (IKE) protocol comprising: 

a User Datagram Protocol (UDP) stack that is capable of generating UDP data packets for 
transmission over a network; 

an IKE protocol stack that generates IKE data packets that are subsequently processed by 
the UDP protocol stack; and 

a fragmenter module that: 

receives a vendor identification value from a network node and in 
response to receiving the vendor identification value uses the vendor 
identification value to determine that the network node is IKE fragmentation 
capable; 

intercepts IKE data packets prior to being processed by the UDP protocol 
stack and splits the IKE data packets into a plurality of smaller data packets that 
may be subsequently formatted by the UDP protocol stack, wherein each of the 
plurality of smaller data packets includes a header formatted according to the IKE 
protocol and state information for network address translator processing; 
wherein the fragmenter module does not split the IKE data packets when 
a response to a previously-sent IKE data packet has been 
successfully received within a predetermined time interval; and 
wherein each of the plurality of smaller data packets includes a header formatted 
according to the IKE protocol and state information for network address translator processing. 

4. (Canceled) 

5. (Canceled) 

6. (Currently Amended) A method for receiving fragmented Internet Key Exchange 
(IKE) data packets comprising the steps of: 

sending a vendor identification value, the vendor identification value indicating the 
capability to process IKE fragments; 

receiving a plurality of fragments of an IKE data packet from a transmitting node, 
wherein each fragment includes an identifier that associates each fragment with an IKE data 
packet; 

discarding all fragments that contain a first identifier if a predetermined number of 
fragments are received that contain a second identifier; and 

determining the total size of all fragments that contain the same identifier and discarding 
said fragments when the total size exceeds a predetermined limit. 

7. (Original) The method according to claim 6 wherein the step of discarding all 
fragments that contain a first identifier is performed when at least one fragment is received that 
contains a second identifier. 

8. (Original) The method according to claim 6 further comprising the steps of: 

determining whether all fragments that are associated with an IKE data packet have been 
received; and 

sending a no acknowledgment (NAK) message to the transmitting node when at least one 
fragment has not been received. 

9. (Canceled) 




10. (Previously Presented) The method according to claim 6 wherein the 
predetermined limit is 64 kilobytes. 
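
The receive-side discard rules of claims 6, 7 and 10, together with the completeness check of claim 8, as an added example that is not part of the application. The fragment fields (`frag_id`, `frag_no`, `is_last`) and the `FragmentBuffer` name are assumptions, since the claims specify no wire format; the code implements the claim 7 variant, in which a single fragment with a second identifier triggers the discard.

```python
MAX_TOTAL = 64 * 1024  # claim 10: predetermined limit of 64 kilobytes


class FragmentBuffer:
    """Holds the fragments of at most one IKE packet at a time (hypothetical name)."""

    def __init__(self, max_total=MAX_TOTAL):
        self.max_total = max_total
        self.discards = 0            # how many partial sets were thrown away
        self._reset(None)

    def _reset(self, frag_id):
        self.frag_id = frag_id       # identifier of the packet being reassembled
        self.parts = {}              # fragment number -> payload bytes
        self.last_no = None          # number of the fragment flagged as last

    def missing(self):
        """Fragment numbers still outstanding (what a claim 8 NAK would report)."""
        if self.last_no is None:
            return None              # last fragment not seen yet, total unknown
        return [n for n in range(1, self.last_no + 1) if n not in self.parts]

    def receive(self, frag_id, frag_no, is_last, payload):
        """Buffer one fragment; return the full packet once complete, else None."""
        if frag_no < 1:
            return None              # assumed numbering starts at 1
        if frag_id != self.frag_id:
            # Claim 7: one fragment with a second identifier discards
            # everything held under the first identifier.
            if self.parts:
                self.discards += 1
            self._reset(frag_id)
        self.parts[frag_no] = payload
        if is_last:
            self.last_no = frag_no
        if sum(len(p) for p in self.parts.values()) > self.max_total:
            # Claims 6 and 10: total size over the limit, drop the whole set.
            self.discards += 1
            self._reset(None)
            return None
        if self.missing() == []:
            packet = b"".join(self.parts[n] for n in range(1, self.last_no + 1))
            self._reset(None)
            return packet
        return None
```

Because only one identifier is buffered at a time and the buffered total is capped, the memory a peer can pin on the receiver before authentication stays bounded at the configured limit.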

11. (Currently Amended) A system for transmitting Internet Key Exchange (IKE) 
protocol data packets across a network comprising: 

means for generating an IKE packet; 

means for initializing, operating, and monitoring a timer; 

means for detecting whether the IKE packet was successfully received at an[[the]] 
intended receiver node before the expiration of the timer; 

means for receiving a vendor identification value from the receiver node and using the 
vendor identification value to determine that the receiver node is IKE fragmentation capable; 

means for fragmenting the IKE packet into smaller packets when the IKE packet was not 
successfully received at the receiver node; 

means for adding a separate IKE fragment header to each of the smaller packets; 

means for adding state information to each of the smaller packets for network address 
translator processing; 

means for adding a separate User Datagram Protocol header to each of the plurality of 
smaller packets; and 

means for transmitting each of the plurality of smaller packets over a network. 

12. (Original) The system of claim 11 further comprising means for determining 
the capability of the receiver node for receiving fragmented packets. 

13. (Currently Amended) A method for transmitting data packets across a network 
comprising the steps of: 

generating and transmitting an Internet Key Exchange (IKE) packet over a network to a 
receiving node, the IKE packet having an original IKE header; 

fragmenting of the IKE packet by an IP protocol layer; 

determining whether a response to the IKE packet was received within a predetermined 
time interval; 

using a vendor identification value received from the receiving node to determine 
whether the receiving node is capable of processing IKE fragments; 

fragmenting the IKE packet into a plurality of smaller IKE packets to avoid the 
fragmenting of the IKE packet by the IP protocol layer when a response is not received; 

adding a separate IKE fragment header to each of the plurality of smaller IKE packets, 
wherein one of the plurality of smaller IKE packets includes the original IKE header; 

adding state information to each of the plurality of smaller IKE packets for network 
address translator processing; 

adding a separate User Datagram Protocol header to each of the plurality of smaller IKE 
packets; and 

transmitting each of the plurality of smaller IKE packets over a network. 

14-15. (Canceled) 

16. (Previously Presented) The method of claim 13 wherein the plurality of 
smaller packets contain the same information as that contained within the original IKE packet. 

17. (Canceled) 

18. (Currently Amended) A method for transmitting data packets across a network 
comprising the steps of: 

receiving a vendor identification value from a receiver node; 

in response to receiving the vendor identification value, using the vendor identification 
value to determine that the receiver node is IKE fragmentation capable; 

generating a data packet containing Internet Key Exchange (IKE) information, the data 
packet having an original IKE header; 

initializing a timer; 

determining, based at least in part on the expiration of the timer, whether fragmentation 
of the data packet is necessary to successfully transmit the IKE information to the receiver over a 
network; 

fragmenting the data packet if necessary into a plurality of smaller packets that may be 
transmitted over a network; 

adding a separate IKE fragment header to each of the plurality of smaller packets, 
wherein one of the plurality of smaller packets includes the original IKE header; 

adding state information to each of the plurality of smaller packets for network address 
translator processing; [[and]] 

adding a separate User Datagram Protocol header to each of the plurality of smaller 
packets; and 

transmitting each of the plurality of smaller packets over a network. 

19. (Canceled) 

20. (Canceled) 

21. (Canceled) 

22. (Previously Presented) A method for intelligently discarding fragmented 
Internet Key Exchange (IKE) data packets to efficiently manage resources comprising: 

sending a vendor identification value, the vendor identification value indicating that a 
receiving node is capable of processing IKE fragments; 

receiving a plurality of fragments of a single IKE data packet, wherein the fragments 
were transmitted from a transmitting node in an order that can be determined from information 
contained within the received fragments; 

determining from information contained within the received fragments whether any of 
the received fragments have been received in an order that differs from the order in which the 
fragments were transmitted from the transmitting node; and 

discarding at least certain of the received fragments when a predetermined number of out 
of order fragments from a single IKE data packet have been received. 

23. (Previously Presented) The method of claim 22 further including the step 
of sending a message to the transmitting node that out of order packets have been received. 